DGC's Random Mutterings

Home
Archives
Control Panel
DChampagne.com (yeah, it's pretty basic)
My Resume
My Full Background
Blogs worth following: Paul Madsen's ConnectID

Conor's Web Log of Esoterica

Planet Identity
Joel On Software
Mobile Open Source

Note: This blog is hosted on a server in my basement. Greymatter Forums

October 2006
SMTWTFS
1234567
891011121314
15161718192021
22232425262728
293031    

Valid XHTML 1.0!

Powered By Greymatter

Home » Archives » October 2006 » Symantec System Slowdown Utilities, er....

[Previous entry: "Blog Cleanup"] [Next entry: "Software Support 101"]

10/20/2006: "Symantec System Slowdown Utilities, er...."

mood: Irritated

Or, Norton Internet Security 2006, Norton AntiVirus 2006, DeadUpdate (I mean LiveUpdate), and so on.

So I was recently browsing around, and saw some of the usual complaining about how much Symantec drags down your system. Specifically, Ed Foster's Gripeline at InfoWorld, at Gripe1, Gripe2, and some of what it references - such as What_Really_Slows_Windows_Down. It reminded me (again) of how bad Symantec has gotten..... Oh for the days when Peter Norton was involved....

For background, I have used Norton Utilities since the very early DOS days, and still have the 1985 edition of Peter Norton's Guide to the IBM PC. Still have backups with the original DOS tools as well, lying around somewhere. Things became much less useful when Windows got popular, but still. I loved all the original Peter Norton stuff, utilities, and so on. Very useful stuff when writing device drivers, building custom PC hardware, and the like. More out of loyalty than any real reason, I picked up Norton Systemworks when I needed some utilites. What a disaster.... Norton Ghost appeared to work great - reboot, do full backups, everything verified, and so on. Only problem was, everything was unrestorable. Totally worthless, never got anywhere with it. I had other backup software, so other than a huge waste of time, no problems, removed Norton Ghost, but left the other tools in.

Norton Internet Security and Antivirus trial version came with the laptop, so when the trial ran out, rather than do all the uninstall, and play with other stuff, I just kept them. So things were clearly resource hogs, and some of the tools were worthless, but I kept them, rather than take the time to remove everything and probably have half the same issues with other tools. I actually liked Norton Password Manager, which came with the 2004 version of Systemworks. It seems they might be resurrecting it in the Norton Confidential program, but I can't see buying anything new from them...

Anyway, along came 2005, and with the renewal prices versus upgrade prices, I went ahead and upgraded. Well, that was a waste of money. Systemworks no longer included the password manager, and there were all sorts of uninstall/install problems. It was horrible trying to get NPM from Systemworks 2004 up and running with the 2005 versions of all the tools. 2005 Systemworks wouldn't install without uninstalling the entire 2004 version, installing the old over the new either failed, or created problems.... Anyway, I eventually got it all running together - one of those things where a lot of time has already been invested, a lot of the issues are finally known, so why throw away the money already spent and buy a new set of tools with a new learning curve.

Along comes 2006, and same issue again. Once again I went with the cheap route, and upgraded.

Now, all along, my system would periodically get really slow, and start having failures opening windows - all the classic signs of resource starvation. After some reviewing of http://www.sysinternals.com/ , and Mark's blog - http://www.sysinternals.com/Blog/ (now at the new location of http://blogs.technet.com/markrussinovich/default.aspx), somewhere around the Sony Root kit fiasco timeframe, I finally look into it. Symantec is an enormous resource hog, but so is Outlook, and my tendancy to leave a half dozen Word windows open, a couple of spreadsheets, and so on. Best I can come up with short term, without the real time to devote to it, is to bump the available handles way up - e.g. follow http://support.microsoft.com/kb/126962/en-us, and bump the sharedsections value up, since I don't run multiple users.

That works for a while, but still have to periodically reboot to get enough resources back (every couple of weeks - normally I just suspend).

One time, my system runs out of resources quite quickly, so I look into it some more. It turns out LiveUpdate is running every 5 minutes (apparently because it was failing, and rescheduling for 5 minutes later), AND their symlcsvc.exe license manager service is leaking 42 handles every single call. Well this clearly is a problem, so now that I know why the failure is occuring, I reboot and look into it further.

Turns out, after reboot, LiveUpdate now succeeds, but symlcsvc.exe still leaks 42 handles every time LiveUpdate runs - even if I just manually run it, and it finds absolutely nothing to update. Well, that is clearly a bug, and to me, a pretty serious one, since LiveUpdate defaults to running pretty frequently - something like every 2 hours, which means it always runs after every resume. Now, the workaround is obvious, run LiveUpdate less frequently, but I figure I'll try to be nice, and report the bug to Symantec support. After all, I have no idea when the bug started happening - it may have been recently introduces by a previous LiveUpdate, so maybe it could actually get fixed.

Now note, I don't expect them to just suddenly believe I know what I'm talking about, but I did have the vague hope that if I give them all the details to very quickly replicate the issue on their own, somewhere along the line someone would actually take the 2 minutes involved, replicate the issue, and log a bug.

Well, that is just the start of a huge waste of time, showing the uselessness of Symantec support and Symantec QA. I've linked the emails below, with summaries. Unfortunately, I don't have my initial report - since their messages never include anything we ever sent in before. What really ticks me off is that my sole expectation from all of this was for them to log a bug in their internal system, so maybe a developer would actually fix it - but no - never happens. Instead they finally tell me to use the workaround I suggested in my initial report - gee - that really helps. If you are interested, you can follow how I include screen shots, process viewer details, and everything that should easily show a developer what the issue is - or I have my summary interpretation for each. Many thanks to sysinternals, as usual.... Note that at the bottom of each message, I added links to the Next and Previous, as well as links for attachments, or the Outlook message format where the images don't export properly....

You can either start here "1 - RE'Case002-372-278' .htm", or see the extended text by viewing just this blog entry from the link entry below.

Of course, I have a similar story with Diskeeper trashing disks (and that they feel it's not their fault, even though their scan shows no problems, but then proceeds to basically wipe the disk), but maybe some other time.




Extended Text
--------- ----

Message 0 - report via the WebForm that LiveUpdate is causing symlcsvc.exe to leak handles, how to demonstrate it, and how to work around. Unfortunately, I don't have a copy of what I submitted (a definite flaw in their process).

Message 1 - "1 - RE'Case002-372-278' .htm"
They basically ignore everything I told them, and want me to start from scratch, understanding that I am "facing issues".

Message 2 - 2 - RE 'Case002-372-278' .htm with Attachment here "2 - Version Info of Symlcsvc.doc"
I answer the questions inline, include all the screenshots and details in an attachment, and reiterate that I have a workaround, and would just like them to log a bug with the developers.

Message 3 - "3 - RE 'Case002-372-278' .htm" with Attachment here "3 - Version Info of Symlcsvc.doc"
I reply to my message 2, adding the details that I forgot regarding LiveUpdate failing, and re-running every 5 minutes, and with an expanded attachment.

Message 4 - "4 - RE 'Case002-372-278' .htm"
I reply to message 3, and include how to easily reproduce the behavior from a clean boot.

Message 5 - "5 - RE'Case002-372-278'.htm"
They reply, acknowledge that I am facing "system performance issues", and pretty much ignore everything else I say. They ask me to restart my computer, revise the LiveUpdate config to use my internet connect, and increase my hard disk space.

Message 6 - "6 - RE'Case002-372-278'.htm", version with images here "6 - RE 'Case002-372-278'.msg"
Since I had already provided instructions on how to reproduce the problem after a clean boot, had LiveUpdate already using my internet connection (and working fine), and had 11Gb free disk space, this was completely useless. This is starting to get really annoying, but I follow the silly instructions anyway, post screen shots showing each part, and displayed all the system info. Big surprise, reboot #7 has the same behavior as the prior 6. I ask them to tell me how many handles symlcsvc.exe uses on a known good system - what is reasonable to expect?

Message 7 - "7 - RE'Case002-372-278'.htm"
No answer to my question (which if they used their software, would take all of 1 minute to check, or 2 to reproduce the problem - I even explain how to view handles in the task manager). The useless stock response appears to be that if it is somehow related to LiveUpdate, completely remove liveUpdate, and try again. Of course, that doesn't touch the license server software, but whatever....

Message 8 - "8 - RE 'Case002-372-278'.htm"
I reply, follow directions, discover their tool is totally broken, do the steps manually, and the grand result is that the resource leak is now 40 handles, instead of 42.

Message 9 - "9 - RE'Case002-372-278'.htm"
Now the stock reply is to remove everything related to Norton / Symantec from my machine, include extra tools to clean up what the install program misses, and reinstall. One might ask why you don't fix the uninstall process, but anyway....

Message 10 - "10 - RE 'Case002-372-278'.htm"
I rant a bit, about how I'm fed up that they ignore what I say, and can't suggest anything beyond the let's pray it goes away if you wipe your system and start over.

Message 11 - "11 - RE'Case002-372-278'.htm"
They basically repeat message 9

Message 12 - "12 - RE 'Case002-372-278'.htm", version with images here "12 - RE 'Case002-372-278'.msg"
When I have more time to foolishly waste, and after a full backup, I run their steps. It totally trashes NPM - it can't reinstall at all, and their web support just says it is no longer supported - too bad. Also, their tools fail to run again, so it all has to be done manually.

Message 13 - "13 - RE 'Case002-372-278'.htm", version with images here "13 - RE 'Case002-372-278'.msg"
I reply to message 12, including that I have already run the steps listed in the various web support pages - I figure the next message would just be to tell me to run them, so I may as well pre-empt that.

Message 14 - "14 - RE 'Case002-372-278'.htm", version with images here "14 - RE 'Case002-372-278'.msg"
I reply to message 13, and walk through the entire remove/replace process again, recording every single step, message reported, and so on. This is basically me trying to record a way to get their software installed properly again, if I can figure it out.

Message 15- "15 - RE 'Case002-372-278'.htm", version with images here "15 - RE 'Case002-372-278'.msg"
I reply to message 14, and run through the entire removal process, and show the problem occurs even with only installing Norton Internet Security - that it is not related to NPM or Norton Systemworks.

Message 16 - "16 - RE'Case002-372-278'.htm"
Now they want me to remove absolutely everything related to Norton or Symantec - the full delete every directory, delete every registry key, everything - which means re-activating, entering product keys, etc.

Message 17 - "17 - RE 'Case002-372-278'.htm"
By now, I have totally had it with the nonsense. In order to get my system fully up and running, I had to restore from the backup I made just before the whole remove and reinstall process (Yes, I am paranoid about following silly tech support suggestions). Rather than trash my main system again, I follow the process they list on a machine that doesn't have any of the Norton software installed at all. There were a couple of old registry keys lying around from the original trial offer on the machine that didn't clean themselves out, but that was about it. Clear every directory and registry tree related to Norton or Symantec in any way - global search of the registry, plus everything they list. Even on a totally clean system, installing just Norton Internet Security, with LiveUpdate, there still is a resource leak, just fewer handles each time - at least 12 handles leaked every time LiveUpdate runs (whether it actually updates anything or not).

I reiterate that I am willing to run debugging versions of their software, set the registry keys that do full logging, and other reasonable things that would help, but that as I stated up front, they have some real resource leaks.

Message 18 - "18 - RE'Case002-372-278'.htm"
They now tell me to disable LiveUpdate so as to stop the leak, and run it manually. Sounds vaguely like what I reported in the initial problem report... Of course, as I pointed out multiple times, running it manually still has the leak, so my workaround of changing the LiveUpdate interval is still the better approach, but anyway....

What a total, useless waste, and no acknowledgement of there being a bug, or logging it with QA, or anything....

New Comment
Name:
E-Mail:
Homepage:
Repeat after Me: NO SPAM ALLOWED
Smilies:
smile shocked sad
big grin razz *wink wink* hey baby
angry, grr blush confused
cool crazy cry
sleepy hehe LOL
plain jane rolls eyes satisfied